EXODUS BLOG

Vulnerability Analysis

Exodus Intelligence 2016 Training Course

MAY 18, 2016

Vulnerability Development Master Class Since our inception, Exodus Intelligence has provided training courses on a variety of advanced subjects which have consistently been filled with students from around the world. Over the last few years, we’ve...

Execute My Packet

FEBRUARY 10, 2016

Contributors David Barksdale, Jordan Gruskovnjak, and Alex Wheeler 1. Background Cisco has issued a fix to address CVE-2016-1287. The Cisco ASA Adaptive Security Appliance is an IP router that acts as an application-aware firewall,...

Stagefright: Mission Accomplished?

AUGUST 13, 2015

Update (2015-08-13 1:16pm CST): We’ve been in contact with Zimperium and are working with them to provide coverage for detection of this flaw through their Stagefright Detector app. They have been very responsive (more...

Tails from the Cri2p

AUGUST 25, 2014

In continuation of the previous blog Fairy Tails and Silver Bullets we present the technical details of the flaws found in I2P (Invisible Internet Project) that also affects the Tails operating system.

Silver Bullets and Fairy Tails

JULY 23, 2014

Introduction This week we made mention on Twitter of a zero-day vulnerability we’ve unearthed that affects the popular Tails operating system. As the Tails website states: Tails is a live operating system, that you...

A browser is only as strong as its weakest byte – Part 2

DECEMBER 9, 2013

As promised, the follow up from our previous post. Before Thanksgiving, we left off with IE9 coughing up bytes. We’ll poke it some more today and make it do a little dance for us....

A browser is only as strong as its weakest byte

NOVEMBER 26, 2013

Back in September, FireEye posted a blog entry discussing CVE-2013-3147, a vulnerability in Microsoft Internet Explorer. They pointed out that Microsoft patched the issue on July 9th in Bulletin MS13-055. While reading their post...

DoS? Then Who Was Phone?

JANUARY 7, 2013

Introduction This post presents exploitation notes on a vulnerability we discovered in Asterisk, an open source telephony solution produced by Digium. We reported this bug to Digium on November 27th, 2012, and provided it...

Bypassing Microsoft’s Internet Explorer 0day “Fix It” Patch for CVE-2012-4792

JANUARY 4, 2013

Update: After we reported our bypasses to Microsoft, they released the MS13-008 bulletin to patch CVE-2012-4792 officially. After posting our analysis of the current 0day in Internet Explorer which was used in a “watering...

Happy New Year Analysis of CVE-2012-4792

JANUARY 2, 2013

A new year has arrived and, although a little late, the time has come for me to unpack the present that Santa gave to the Council on Foreign Relations this Christmas. Quite a few...

← Previous 1 … 3 4 5 Next →